Home » Currently Reading:

AKC14: Production and Account Security

Description:

Describes any online or batch security procedures or protected log-on IDs required for the application. Also documents any occurrences of “hard coded” IDs or devices in programs for the purposes of support. Identifies all security functions required for the various technical or user functions. These functions could be within the development, support or application user environments. There may be specific security by department role, or by development/test regions, specific functions that only certain users can access. Security administrators and contact information is also provided. This helps add or change any security options or settings quickly with a minimum of wasted time.

Provides an understanding of security requirements that must be addressed when (a) adding a new support team member or user and (b) adding or modifying system features.

Provides information such as:

  • ID’s that are necessary to support the application
  • Access Authority for Environments, Data Sets and Transactions
  • A Security Profile for the Application

How is it used?

Identifies all security functions required for the various technical or user functions. These function could be within the development, support or application user environments. There may be specific security by department role, or by development/test regions, specific functions that only certain users can access. Security administrators and contact information is also provided. This helps add or change any security options or settings quickly with a minimum of wasted time.

Why is it important?

(1) Provides information, guidelines and contacts for setting up or changing application security for environments and user access.
(2) Provides understanding of security requirements that must be addressed when (a) adding a new support team member or user and adding or modifying system features.
(3) Provides information such as:

  • ID’s that are necessary to support the application
  • Access Authority for Environments, Data Sets, and Transactions
  • A Security Profile for the Application

Our Sponsors

IT Support Services Comments

  • Bob Anderson: Daniel, from a certain point of view you are correct. CMMI- DEV deals primarily with software development best practices, the old CMM Level-5 dealt a great deal with defects. However, as you know the ...
  • Bob Anderson: Gunter, there are many possible SLA components and metrics that can be defined for any application software support. First I would recommend that you read this article which I had published in Compute...
  • Bob Anderson: Amiet, I would put it under the "Incident" process and track dates, number of occurrences, how much lost time, cause (who did it). You will need data for management if the practice has to stop. If you...
  • Bob Anderson: Amit, first of all why is the customer powering down the equipment? This should be brought to the attention of management and a very strong note sent to whoever is doing this.  If they are doing it on...
  • Bob Anderson: Mark, it is doubtful that you can fix the problem, it is mainly a management issue. The best you can do is to gather statistics on the backlog of enhancements, the number and severity of incidents, an...

ITIL V3 Application Support Q & A

If you have any question on the blog content or have some specific question on how ITSM & ITIL can dramatically improve performance and reduce the cost of your Application Support service "Ask Bob"
Question :
Hi Bob, Since I have make a control of doubts from our dealers questions, that uses our SW, is possible to see evaluation of our intern SLA. Me question is: I find only three metrics using to compare months to months our evolaution: error programs, legislation, improvem...
Answer :
Gunter, there are many possible SLA components and metrics that can be defined for any application software support. First I would recommend that you read this article which I had published in Computer World on "How to create Meaningful IT Support SLA's"  use this link...
Question :
In your answer to "Question : bugs, known errors and kb articles". You refer to CMMI-DEV and talk about defects and say that CMMI-DEV is for software development and does not deal with operations. So, is that another way of saying that CMMI-DEV ignores operations? Isn't...
Answer :
Daniel, from a certain point of view you are correct. CMMI- DEV deals primarily with software development best practices, the old CMM Level-5 dealt a great deal with defects. However, as you know the folks who developed the original CMM  were not really initially inter...
Question :
Hi Bob, Continuing on the question i posted yesterday. I understand your comment and we have actually done that. It is a reactive approach and we now want to move to a praoctive approach and want to understand if these activities should be managed under the change proce...
Answer :
Amiet, I would put it under the "Incident" process and track dates, number of occurrences, how much lost time, cause (who did it). You will need data for management if the practice has to stop. If you want to be "proactive" in stopping this practice" you must capture bu...
Question :
The chaos in applicaiton support in my company is in part due to the limited resources assigned to aging applications and very little documentation. How do I suggest that we need help?
Answer :
Mark, it is doubtful that you can fix the problem, it is mainly a management issue. The best you can do is to gather statistics on the backlog of enhancements, the number and severity of incidents, and how many technical support calls from users you get and the average...
Question :
If a customer is powering down equipment at his site and it will bring down the services during that time, should this be recorded as a change. You will not have any control over this activity and this activity is managed by the customer himself. These activities may ha...
Answer :
Amit, first of all why is the customer powering down the equipment? This should be brought to the attention of management and a very strong note sent to whoever is doing this.  If they are doing it on their own without any instruction to do so and it affects other user...

Popular Content